Week in review: DNA-based malicious code injection, password power rankings

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

New Cerber ransomware variant steals Bitcoin wallets, passwords
Here’s a new reason to fear ransomware more than ever before: a new variant of Cerber has been modified to steal Bitcoin wallets and passwords before encrypting victims’ files and demanding ransom.

Obscuring malicious Facebook links using the Open Graph Protocol
Most users click on links popping up in their Facebook News Feed without thinking twice about it, but it’s good to keep in mind that they can lead to malicious sites.

Where does corporate cloud security responsibility begin and service provider responsibility end?
Conditions of trust, real or expected, are essential for digital economies to grow and prosper. As more organizations rely on cloud service providers, partner responsibilities for security must be well understood and comprehensive. If you are not sure who’s responsible for security, no one is.

UK essential service operators with poor cyber security face massive fines
Organisations who fail to implement effective cyber security measures could be fined as much as £17 million or 4 per cent of global turnover, as part of plans to make Britain’s essential networks and infrastructure safe, secure and resilient against the risk of future cyber attacks.

Dash invites researchers to hack their blockchain
Commencing in August, Dash will employ a private bug bounty program through Bugcrowd, tapping into a curated, invite-only crowd to find Dash vulnerabilities, and then, in line with the rollout of Evolution, expand to a public program with over 60,000 registered security experts.

Researchers pull off DNA-based malicious code injection attack
Researchers have demonstrated that it’s possible to create synthetic DNA strands containing malicious computer code that, if sequenced and analyzed, could compromise a computer.

Password Power Rankings: A look at the practices of 40+ popular websites
Nothing should be more important for these sites and apps than the security of the users who keep them in business. Unfortunately, Dashlane found that that 46% of consumer sites, including Dropbox, Netflix, and Pandora, and 36% of enterprise sites, including DocuSign and Amazon Web Services, failed to implement the most basic password security requirements.

InfoArmor: Actionable intelligence, comprehensive protection
In this podcast recorded at Black Hat USA 2017, Mike Kirschner, Senior Vice President of Advanced Threat Intelligence at InfoArmor, talks about how they offer operatively-sourced threat intelligence, specialized cyber security services and real-time, client-specific alerts to protect your network and prevent data exfiltration.

How a port misconfiguration exposed critical infrastructure data
Much has already been said and written about the dangers of potential cyber attacks targeting the electric/power grid. And in Ukraine, they’ve already gone from theoretical scenarios to actual attacks. More limited attacks hitting companies’ electrical systems are also possible, especially when information that provides insight into those systems’ weak points is freely accessible online.

Stealthy Mughthesec Mac adware exposed: What it does, how to protect yourself
Mac malware is still a rare occurrence, so it’s no wonder that some of it can lurk, unnoticed for months, on random machines.

Has healthcare misdiagnosed the cybersecurity problem?
Most senior leadership in healthcare is medically trained with a clinical background in an industry built on such noble concepts as “do no harm” and forward-thinking practices like evidence-based medicine. Through this lens, healthcare organizations regularly misinterpret the nature of the cybersecurity problem and consequently, how to treat it.

Understanding your responsibility and security in the cloud
In this podcast recorded at Black Hat USA 2017, Chris Drake, CEO at Armor, talks about the difference between security of the cloud and security in the cloud.

The untapped potential of machine learning for detecting fraud
E-commerce fraud protection company Signifyd has recently signed up behavioral analytics expert Long-Ji Lin to fill the position of Chief Scientist. What better opportunity than this to sit down with him and enquire about his expectations?

Unsecured Wi-Fi hotspots and troubling browsing behaviors
As adoption of cloud and mobile continues to rise, common employee practices inside and outside the workplace create risk for enterprises. To uncover the risks posed by users’ data-related habits, Bitglass tested real-world scenarios – frequency of connections to unsecured Wi-Fi hotspots, rate of external sharing in cloud applications, and the volume of corporate credentials already exposed.

We can’t rely on black swans: Three areas to improve cyber policy now
What will it take for cybersecurity policy to finally catch up to the digital age?

HBO hackers demand money, leak more stolen data and GoT scripts
The hackers who’ve breached HBO and supposedly made off with 1.5TB of the company’s data have released a second data dump.

New UK data protection law to offer more control to users
UK citizens will have more control over how their personal information is used by businesses, and the right to demand from social media companies and online traders the deletion of such data, the UK government has decided.

Automating the hunt for cyber attackers
In this podcast recorded at Black Hat USA 2017, Mike Banic, Vice President, Marketing, and Chris Morales, Head of Security Analytics at Vectra Networks, talk about the use of artificial intelligence to perform non-stop, automated threat hunting with always-learning behavioral models to find hidden and unknown attackers before they do damage.

Siemens CT scanners open to remote compromise via publicly available exploits
Siemens has finally provided patches for a number of Microsoft Windows SMBv1 vulnerabilities that affect some of the medical devices sold under the Siemens Healthineers brand. But the company is yet to release patches for four easily and remotely exploitable flaws affecting select Siemens Healthineers molecular imaging products (PET, SPECT and CT scanners), exploits for which are, according to ICS CERT, publicly available.

Qualys CISO on making everything visibile and secure
In this podcast recorded at Black Hat USA 2017, Mark Butler, CISO at Qualys, talks about his role, streamlining security and compliance solutions, building security into digital transformation initiatives, end-to-end IT security, keeping your teams in sync, and compliance for all your assets.

New infosec products of the week​: August 11, 2017
A rundown of infosec products released last week.

More about

Don't miss